grze-siek posted on 29 June 2008
Please check the log below.
//logs go in code tags, not quote! //vocativus
CatchMe commented on 29 June 2008 (edited)
Batch to remove in HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - D:\BitDownload\TorrentManager.dll (file missing)
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA SIECIOWA')
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
Then post a new log + a log from ComboFix.
grze-siek (Author) commented on 29 June 2008
Ummm, I don't really know what this is about :/ Can you tell me exactly what I should do? I'm a bit green in these matters :/
snip91 commented on 29 June 2008
Run the HJT scan again, tick the entries listed by CatchMe and press "Fix checked". Once you have done that, make a new log and paste it here.
grze-siek (Author) commented on 30 June 2008
I'm not editing, because probably nobody would notice ... what's the deal with this ComboFix log? Am I supposed to download that program, run a scan and post its log here?
seba115 commented on 30 June 2008
In my opinion it's clean here, but post one from ComboFix as well.
Jaskol commented on 30 June 2008
"I'm not editing, because probably nobody would notice ... what's the deal with this ComboFix log? Am I supposed to download that program, run a scan and post its log here?"
Yes, you download ComboFix, run it, it produces a log, and you paste it here in CODE tags.
grze-siek (Author) commented on 30 June 2008
Oh dear, what is this even? It's black magic to me xD
CatchMe commented on 30 June 2008
Use the SDFix tool and paste its report.